Squid
Evgeny Oleinikov, 2018-07-12 01:46:13

Squid transparent proxy blocking traffic?

Good day to all!
I have a Squid proxy with the following config:

acl localnet src 192.168.31.0/24
acl localnet src 10.8.0.0/24

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

http_access allow all  
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/auth_users
auth_param basic children 25
auth_param basic realm SQUID PROXY
auth_param basic credentialsttl 3 hours
acl auth_users proxy_auth REQUIRED
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost 
dns_nameservers 8.8.8.8
http_access allow localnet
http_access allow localhost
http_port 8892 
http_port 8899 intercept
cache_dir ufs /var/spool/squid 512 16 256
cache_mem 124 MB
coredump_dir /var/spool/squid
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320

With a direct connection from the browser to port 8892 everything works, but if the traffic is redirected to the transparent port with
iptables -t nat -A PREROUTING -i br1 -p tcp --dport 80 -j DNAT --to 10.8.0.1:8899

then the traffic is blocked with the error:
Access is denied.
The access control system does not allow your request to be fulfilled at this time. Contact your administrator.
Your cache administrator: root.

Where is the mistake?
Thanks in advance for your replies
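Squid checks http_access lines top to bottom, ANDs all ACLs on one line, and lets the first matching line decide (a request matching no line gets the opposite of the last line's action). The following Python model, added here and not code from the post, replays that order over the ACLs and http_access lines as posted and reports which line decided a sample request; for example, the leading "http_access allow all" decides every request before any deny line is reached. The request fields, the sample client address and the definition of Squid's built-in "localhost" ACL are assumptions of this model.

```python
import ipaddress

def _port_in(spec, port):            # spec is "80" or a range like "1025-65535"
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def acl_matches(acl, req):
    """req is a dict: src (client IP), port (destination port), method, auth (bool)."""
    kind, args = acl
    if kind == "src":
        return any(ipaddress.ip_address(req["src"]) in ipaddress.ip_network(a) for a in args)
    if kind == "port":
        return any(_port_in(a, req["port"]) for a in args)
    if kind == "method":
        return req.get("method", "GET").upper() in [m.upper() for m in args]
    if kind == "proxy_auth":
        return bool(req.get("auth"))        # whether the proxy_auth helper accepted the user
    raise ValueError(f"unsupported acl type {kind}")

def evaluate(acls, rules, req):
    """Walk http_access lines top to bottom; every term on a line must match (AND),
    the first matching line decides. Returns (action, line index); index None means
    no line matched and Squid's implicit default (opposite of the last line) applied."""
    for i, (action, terms) in enumerate(rules):
        for term in terms:
            name = term.lstrip("!")
            hit = True if name == "all" else acl_matches(acls[name], req)
            if hit == term.startswith("!"):  # plain term missed, or negated term matched
                break
        else:
            return action, i
    return ("deny" if rules[-1][0] == "allow" else "allow"), None

# The ACLs and http_access lines in the order given in the question. "localhost"
# is a Squid built-in ACL; its definition here is this model's assumption.
ACLS = {
    "localnet": ("src", ["192.168.31.0/24", "10.8.0.0/24"]),
    "localhost": ("src", ["127.0.0.1/32", "::1/128"]),
    "SSL_ports": ("port", ["443"]),
    "Safe_ports": ("port", ["80", "21", "443", "70", "210", "1025-65535", "280", "488", "591", "777"]),
    "CONNECT": ("method", ["CONNECT"]),
    "auth_users": ("proxy_auth", ["REQUIRED"]),   # defined in the post but never referenced
}
POSTED = [("allow", ["all"]), ("deny", ["!Safe_ports"]), ("deny", ["CONNECT", "!SSL_ports"]),
          ("allow", ["localhost"]), ("allow", ["localnet"]), ("allow", ["localhost"])]
WITHOUT_ALLOW_ALL = POSTED[1:]   # the same lines with the leading "allow all" dropped

# Constructed sample: a client outside localnet connecting to an unsafe port.
TELNET = {"src": "203.0.113.5", "port": 23}
```

With the posted order, evaluate(ACLS, POSTED, TELNET) returns ('allow', 0), so the later deny lines never run; without the first line the same request is stopped by "deny !Safe_ports".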
